UbuntuUpdates.org

Package "qpdf"

Name: qpdf

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • development files for PDF transformation/inspection library
  • runtime library for PDF transformation/inspection software
Latest version: 11.5.0-1ubuntu1.1
Release: mantic (23.10)
Level: updates
Repository: main

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Other versions of "qpdf" in Mantic

Repository Area Version
base main 11.5.0-1
base universe 11.5.0-1
security main 11.5.0-1ubuntu1.1
security universe 11.5.0-1ubuntu1.1
updates universe 11.5.0-1ubuntu1.1

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 11.5.0-1ubuntu1.1 2024-03-25 14:06:55 UTC

  qpdf (11.5.0-1ubuntu1.1) mantic-security; urgency=medium

  * SECURITY UPDATE: heap overflow via std::__shared_count()
    - debian/patches/CVE-2024-24246.patch: handle parse error stream data
      in libqpdf/QPDF_json.cc, qpdf/qpdf.testcov, qpdf/qtest/*.
    - CVE-2024-24246

 -- Marc Deslauriers <email address hidden> Wed, 20 Mar 2024 10:40:27 -0400
Source diff to previous version
CVE-2024-24246 Heap Buffer Overflow vulnerability in qpdf 11.9.0 allows attackers to crash the application via the std::__shared_count() function at /bits/shared_pt

Version: 11.5.0-1ubuntu1 2023-11-16 23:09:10 UTC

  qpdf (11.5.0-1ubuntu1) mantic; urgency=medium

  * Fix data loss bug introduced in 11.0.0 and fixed in 11.6.3. The bug
    causes the qpdf tokenizer to discard the character after a one-digit
    or two-digit quoted octal string. Most writers don't create these, and
    they are rare outside of content streams. By default, qpdf doesn't
    parse content streams. The most common place for this to occur would
    be in a document's /ID string, but in the worst case, this bug could
    cause silent damage to some strings in a PDF file's metadata, such as
    bookmark names or form field values. (LP: #2039804)

 -- Jay Berkenbilt <email address hidden> Thu, 19 Oct 2023 07:20:25 -0400
2039804 Data loss: qpdf discards the character in a binary string following an octal quoted character with 1 or 2 digits


About   -   Send Feedback to @ubuntu_updates